Concordia Health Ltd Primary Care PORTER S AVENUE DOCTORS SURGERY UPDATE April 2018
Concordia Health Ltd Primary Care Summary of changes Agreement National Data Guardian Security Review (NDGSR) Compliance with ten new data security standards in the NDGSR. NHS England & GPC have agreed to jointly promote in guidance, with support from NHS England, DH and NHS Digital on the practical implementation of these recommendations. NHS England & GPC will take this forward via JGPCIT. New or ongoing requirement? New requirement 1 April start date? No to be developed throughout the year Concordia Progress Update National Data Guardian Security Review (NDGSR) Compliance with ten new data security standards in the NDGSR. Leadership Obligation 1. People: Ensure staff are equipped to handle information respectfully and safely, according to the Caldicott Principles. Data Security Standard 1: All staff ensure that personal confidential data is handled, stored and transmitted securely, whether in electronic or paper form. Personal confidential data is shared for only lawful and appropriate purposes. COMPLIANT Primary Care has 100% compliance for IG training including data storage and handling, we undertake spot checks such as safe haven fax audits. Data Security Standard 2: All staff understand their responsibilities under the National Data Guardian s data security standards, including their obligation to handle information responsibly and their personal accountability for deliberate or avoidable breaches. COMPLIANT Primary Care has 100% compliance with training, we use the updated modules in e-lfh, staff are regularly reminded of responsibilities at weekly practice meetings attended by clinical and administrative support staff. Data Security Standard 3: All staff complete appropriate
annual data security training and pass a mandatory test, provided through the redesigned Information Governance Toolkit. COMPLIANT Primary Care has 100% compliance with training, we use the updated modules in e-lfh. Leadership Obligation 2 Process: Ensure the organisation proactively prevents data security breaches and responds appropriately to incidents or near misses. Data Security Standard 4: Personal confidential data is only accessible to staff who need it for their current role and access is removed as soon as it is no longer required. All instances of access to personal confidential data on IT systems can be attributed to individuals. COMPLIANT all staff issued with Smartcards and individual log ons, training includes understanding of appropriate access in line with the required purpose, access levels set and clinical system records access. Data Security Standard 5: Processes are reviewed at least annually to identify and improve any which have caused breaches or near misses, or which force staff to use workarounds which compromise data security. COMPLIANT in addition to annual reviews to complete IG toolkit we also review any breaches or near misses as a part of our significant vent and root cause analysis procedures. Our Information Governance leads are informed if any near misses and if appropriate we would inform the ICO (Information Commissioners Office) with which we are registered. Data Security Standard 6: Cyber-attacks against services are identified and resisted and CareCERT security advice is responded to. Action is taken as soon as possible following a data breach or near miss, with a report made to senior management within 12 hours of detection. Significant cyber-
attacks are to be reported to CareCERT immediately following detection. Data Security Standard 7: A continuity plan is in place to respond to threats to data security, including significant data breaches or near misses, and it is tested once a year as a minimum, with a report to senior management. Leadership Obligation 3: Technology: Ensure technology is secure and up-to-date. There is a plan to review technology on an annual basis this includes but not limited to Operating system patch levels, Anti-Virus, encryption, Data Security Standard 8: No unsupported operating systems, software or internet browsers are used within the IT estate. We use the latest operating system with updates applied when tested. Antivirus is automatically updated on a daily/weekly basis. Data Security Standard 9: A strategy is in place for protecting IT systems from cyber threats, based on a proven cyber security framework such as Cyber Essentials. This is reviewed at least annually. Data Security Standard 10: IT suppliers are held accountable via contracts for protecting the personal confidential data they process and for meeting the National Data Guardian s data security standards. Compliant, all suppliers also in line with Concordia s internal policies as set by the IG Steering Group sign our Data Sharing and Compliance agreement.
Information governance (IG) toolkit Complete NHS Digital IG toolkit, including adherence to requirements and attain Level 2 accreditation. Electronic repeat dispensing (ERD) Conversion by practices of electronic repeat prescriptions to electronic repeat dispensing A non-contractual target of 25% for 2017/18 with reference to the need for coordination with pharmacy to maximise uptake. Ongoing requirement most practices already complete the toolkit. New target but practices should know how to convert to ERD No must be completed No target for Compliant all Concordia sites have been assessed and have been registered on the online IG toolkit, uploads were submitted prior to 31.03/2018, min level 2 obtained across all parameters and 2018/19 target levels set Repeat dispensing - Ongoing Repeat dispensing is a very convenient/ time saving and cost effective method. At present we are using it for our patients who use dosette boxes. If patient is stable we can convert to ERD Or If patient is on regular medication of long term condition that can change to ERD Methodology- We issues 4 weekly batches of medications which are sent to the pharmacy and the pharmacy then issues a dosette box weekly to the patient without the need to ask for another prescription next week. We can do this on monthly or 2 monthly basis. Electronic Prescription Service (EPS) Non-contractual agreement to promote increased uptake of EPS in guidance, with reference to patient choice and pharmacy enablement. Ongoing up from 80% No target for We aim to extend this to our patients who are not on dosette boxes and who are stable on medications with medication review in place. We aim to select the patients and do batch repeated dispensing for them. In this we can send prescriptions for 6 months to the pharmacy and then the pharmacy can issue them monthly without the need for any prescription till the next review every 6 months. It will save time and will be cost effective. We already have various medications like emollients, creams etc on repeat dispensing and we aim to extend this as clinically appropriate. We have commenced meetings with local pharmacies to also discuss how we can support and maximise uptake. As per NHS guidance have already commenced EPS. We have a high number of patients who have signed up for patient online which has also assisted in rolling out EPS Process In line with patient choice we ask patients to nominate a pharmacy. We do not nominate it ourselves but ask the patient to
choose a pharmacy themselves. The pharmacy takes over their prescribing requests for repeats and the patients request acute medications. The patient can also requests the repeats on line themselves as long as no medication review is needed and the medication is not controlled. This makes things easy for the patients as they can get the medications from the place near to their work or home and takes away the hassle. Our Care home prescriptions are almost all done electronically. It is efficient and safer as the care homes sends us faxed requests and then the nominated person looks at the requests and gives them to the clinician who sends them electronically to a pharmacy which then delivers medications to the care home. 9 Agreement Patient access to online services Registered patients to be using one or more online services by 31/3/18 - online access to patient record, online appointment booking or electronic ordering of repeat prescriptions. A non-contractual target of 20% for one or more online service. New or ongoing requirement? Ongoing up from 10% 1 April start date? No target for Compliant we have achieved ell over the 20% target at our Child and family and Porter s Avenue sites. As a result of a robust engagement programme uptake has far exceeded the 20% sign up target a. Methods used to engage with patients to drive uptake, i.e. Patient education - Patient engaging by face to face to educate them to register online. providing leaflet, information available on website, Posters, LED board, assistance from reception team with the registration process b. How many patients offered Patient online
- offered to all patients c. How many are registered, number and % of list CAF uptake 35%, 3885 patients, PA uptake 40%, 3531 patients d. Confirm that you have the facility for the patient to do the following online book, view, cancel; amend and print appointments online -Yes patients can view and book and cancel appointment as required e. Order repeat prescriptions online - Yes patients can order repeat prescription f. To view and print a list of any drugs medicines or appliances in which the patient has a repeat prescription online - Yes patients are able to view list of drugs Electronic referrals A non-contractual target of 90%, with reference to where that is possible and enabled by secondary care providers. Clinical correspondence from secondary care Building on 2016/17 guidance, amend wording to ensure this guidance remains relevant as secondary care is required to send all clinical correspondence electronically. Ongoing up from 80% in 2016/17 Ongoing minor word change No target for Yes g. Facility for patients to access any summary information online - Yes patients can view their record h. View online, export or print any summary information Yes, patients are able to print summary or test result as required Ongoing - We have nominated staff who are trained and complete ers requirements. Managers and clinicians receive regular update training at PTI (protected time) which is then cascaded to the team. We also receive emails for any changes or update. If any queries administration team seek help from the ers team. Ongoing - Majority However we still receive post from secondary care for items such as discharge summaries or clinical letters and some as e-mails. All passed to daily duty doctor to action.
Record sharing including GP2GP using CDs Where GP2GPv2 not available CD transfer can be used - CD transfer should meet The Good Practice Guidelines for GP electronic patient records V4 (2011) and Records Management Guidance: Digital Document Scanning (2011). Ongoing for information only Yes Compliant we process majority of transfers as GP2GP. If patients registering from same borough (on EMIS Web) or from elsewhere on same clinical system then we receive/transfer notes via GP2GP. Administration of GP2GP via administration team. If we receive CD with paper notes that is entered onto the clinical system via the summariser. After registering via GP2GP we carry out new patients health check, for patients requiring medication sign off on GO2GP is via review by one of the GPs prior to issue. Integration Practices to note NHSD is managing migration of systems to SNOMED- CT, which includes GPSoC. Apps to access services & online access to clinical correspondence To note of ongoing provisions of 2016/17 guidance New Ongoing No Yes Ongoing roll out will be in line with NHSD timescale These apps that are provided as subsidiary services through Lot 1 of GPSoC are assured during the pairing process. This provides a number of services in line with Patient Online. Emis Web gives patients the tools to manage their own care. All Apps provide trusted health information secured for patient access. All information on how to register and access online services can be found on our website http://www.mgmp.co.uk/online In addition practices signed up to e-consult, training and roll out across all practices will be during Q1 2018/19